Centos7 http无法正常启动。 httpd 可以工作,systemctl start httpd 不能

Centos7 http无法正常启动。 httpd 可以工作,systemctl start httpd 不能

我可以直接通过 启动apache httpd,但无法通过 启动它systemctl start httpd。我更喜欢守护程序方法,这样我就可以让它自动启动。

有人遇到这个问题吗?这是在新的 CentOS7 虚拟机上。

systemctl启动http

Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.

systemctl 状态 httpd.service

    ● httpd.service - The Apache HTTP Server
       Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
       Active: failed (Result: exit-code) since Tue 2018-03-20 17:20:54 EDT; 37s ago
         Docs: man:httpd(8)
               man:apachectl(8)
      Process: 7025 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
      Process: 7024 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
     Main PID: 7024 (code=exited, status=1/FAILURE)

    Mar 20 17:20:54 test.local.com systemd[1]: Starting The Apache HTTP Server...
    Mar 20 17:20:54 test.local.com systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
    Mar 20 17:20:54 test.local.com kill[7025]: kill: cannot find process ""
    Mar 20 17:20:54 test.local.com systemd[1]: httpd.service: control process exited, code=exited status=1
    Mar 20 17:20:54 test.local.com systemd[1]: Failed to start The Apache HTTP Server.
    Mar 20 17:20:54 test.local.com systemd[1]: Unit httpd.service entered failed state.
    Mar 20 17:20:54 test.local.com systemd[1]: httpd.service failed.

日志控制-xe

巴斯德宾

/etc/httpd/logs/error_log

巴斯德宾

对默认配置所做的唯一更改:

/etc/httpd/conf/httpd.conf
IncludeOptional sites-enabled/*.conf

/etc/httpd/sites-enabled/local.com.conf
<VirtualHost *:80>
    ServerName test.local.com
    ServerAlias local.com
    Redirect / https://local.com
</VirtualHost>

<VirtualHost _default_:443>
    ServerName test.local.com
    ServerAlias local.com
    ServerAdmin [email protected]

    DocumentRoot /var/www/local.com/public_html

    ErrorLog /var/www/local.com/error.log
    CustomLog /var/www/local.com/access.log common

    SSLEngine On
    SSLCertificateFile /etc/ssl/certs/www/local.com.crt
    SSLCertificateKeyFile /etc/ssl/certs/www/local.com.key
</VirtualHost>

仅开放端口:

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-dmc --reload

以下是我在全新 CentOS7 安装中完成的整个过程:

Fresh CentOS 7 installation (VM)

yum upgrade -y

yum search http
yum install -y httpd httpd-devel mod_ssl openssl

systemctl start httpd

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --reload

    Browse to 192.168.1.241
        Apache is live!

yum search mariadb
yum install -y mariadb-server

systemctl start mariadb
mysql_secure_installation

    mysql -uroot -p
        Login to mysql server works!

yum search php

yum install -y php php-cli php-dba php-devel php-fpm php-mysql php-process php-pspell php-xml

systemctl restart httpd

    Browse to 192.168.1.241/info.php
        PHP is live!

mkdir /etc/httpd/sites-enabled
echo "IncludeOptional sites-enabled/*.conf" >> /etc/httpd/conf/httpd.conf

/etc/httpd/sites-enabled/local.com.conf
    <VirtualHost *:80>
        ServerName test.local.com
        ServerAlias local.com
        Redirect permenent / https://local.com
    </VirtualHost>

    <VirtualHost _default_:443>
        ServerName test.local.com
        ServerAlias local.com
        ServerAdmin [email protected]

        DocumentRoot /var/www/local.com/public_html

        ErrorLog /var/www/local.com/error.log
        CustomLog /var/www/local.com/access.log combined

        SSLEngine On
        SSLCertificateFile /etc/ssl/certs/www/local.com.crt
        SSLCertificateKeyFile /etc/ssl/certs/www/local.com.key
    </VirtualHost>

mkdir -p /var/www/local.com/public_html

chown -R apache:apache /var/www/local.com/public_html
chmod -R 755 /var/www

cd /etc/ssl/certs/www
openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout local.com.key -out local.com.crt

    Browse to 192.168.1.241
        Unsecure service (self signed ssl) accept
        Site is live!
        I was redirected to https://local.com

NOTE: I added the following to my desktop's (separate PC) /etc/hosts
    192.168.1.241 test.local.com local.com

    This acts as a DNS record for my site

yum install -y epel-release
yum install -y phpmyadmin

edit /etc/httpd/conf.d/phpMyAdmin.conf
    Add under any line with Require ip 127.0.0.1 with
    Require ip 192.168.1.5

    Add under any line with Allow from 127.0.0.1 with
    Allow from 192.168.1.5

systemctl restart httpd # FAILS
kill pid for httpd
httpd # start httpd directly
    Access https://local.com/phpMyAdmin
    Now have access to phpMyAdmin

    Login with root, 12345
    And have mariadb access!

yum install -y awstats

edit /etc/httpd/conf.d/awstats.conf
     Change Require ip and Allow ip same as phpMyAdmin

cp /etc/awstats/awstats.localhost.localdomain.conf /etc/awstats/awstats.local.com.conf

edit /etc/awstats/awstats.local.com.conf
     LogFile="/var/log/httpd/access.log"
     SiteDomain="www.local.com"
     HostAliases="local.com 127.0.0.1"

echo "*/30 * * * * root /usr/share/awstats/wwwroot/cgi-bin/awstats.pl -config=www.local.com -update" >> /etc/crontab

kill httpd pid
httpd

    Browse to https://local.com/awstats/awstats.pl?config=local.com
        Awstats is live!

答案1

您在使用 SELinux 时遇到了麻烦。

出于安全原因,CentOS 7 发布的规则将阻止 httpd 写入 下的文件/var/www

您正在将 VirtualHost 的日志文件配置为位于该目录下的某个位置:

    ErrorLog /var/www/local.com/error.log
    CustomLog /var/www/local.com/access.log combined

因此,当 httpd(由 systemd 启动)尝试写入这些日志文件时,SELinux 将阻止这种情况,最终导致 httpd 退出并显示错误退出代码。

您可以使用以下命令进行确认ausearch,该命令检查审核日志(存储在 下/var/log/audit/audit.log)中的条目:

$ sudo ausearch -m avc
type=AVC msg=audit(1234567890.123:234): avc:  denied  { write } for  pid=12345 comm="httpd" name="local.com" dev="sda1" ino=12345678 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=dir

在此消息中,您将看到写入的目标标有httpd_sys_content_t。如果您ls -Z在日志文件上使用,您会看到它们以这种方式标记:

$ ls -Z /var/www/local.com/
-rw-r--r--. root   root   unconfined_u:object_r:httpd_sys_content_t:s0 access.log                                                                                         
-rw-r--r--. root   root   unconfined_u:object_r:httpd_sys_content_t:s0 error.log                                                                                          
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 public_html

这只影响由 systemd 启动的 httpd 而不是直接运行 httpd 时的原因是你的 SSH 会话在“无限制”域中运行,因此在那里运行 httpd 不会触发任何 SELinux 转换...当通过 systemd 启动时,它会在启动守护进程时应用正确的 SELinux 权限。

chcon您可以通过使用命令更改这些文件的 SELinux“类型”来临时解决这个问题:

$ sudo chcon -t httpd_log_t /var/www/local.com/*.log
$ ls -Z /var/www/local.com/
-rw-r--r--. root   root   unconfined_u:object_r:httpd_log_t:s0 access.log
-rw-r--r--. root   root   unconfined_u:object_r:httpd_log_t:s0 error.log
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 public_html

到那时,通过 systemctl 启动 httpd 就可以正常工作了......

但这不是一个很好的解决方案,因为如果重新创建这些文件(例如,在日志轮换期间)或者您的文件系统被重新标记,SELinux 类型将会丢失......

有一些方法可以使该类型更持久(例如,命令semanage fcontext),但是 SELinux 策略在这里试图实现的是防止将 Web 内容与日志混合,以防止意外提供日志文件或覆盖 Web 内容。

/var/log/httpd正确的答案是在、 或该目录的子目录下创建日志文件。如果这样做,SELinux 类型从一开始就是正确的,并且在任何操作(包括 SELinux 重新标签)中都将保持正确,并且一切都应该按预期工作。

因此,如果您可以将日志放在下面/var/log/httpd,那应该可以解决这个问题!

相关内容